MALWARE

Malware Tutorial: Learn About Malware, Vulnerabilities and How to Avoid Malware

What Is Malware?

Malware is short for “malicious software”: hostile applications that are created with the express intent to damage or disable mobile devices, computers or network servers. Malware’s objectives can include disrupting computing or communication operations, stealing sensitive data, accessing private networks, or hijacking systems to exploit their resources. The exponential growth in email and internet use over the last decade has brought with it a corresponding growth in malware.

Malware is deliberately malevolent, even when disguised as genuine software from a seemingly reputable source. Today’s malware primarily targets sensitive personal, financial or business information, typically for monetary gain. Other objectives include identity theft, cyberwarfare and espionage, or service disruption targeting specific companies. The victims can just as easily be governments, enterprises or individual users. For a malware program to accomplish its goals, it must be able to run without being detected, shut down or deleted.

Microsoft recently reported that one in every 14 downloads from the internet may now contain malware. The rise of mobile computing and social media in recent years is witnessing an exponential rise in malware proliferation. Malware on the Android computing platform grew 3,325 percent in 2011 alone, according to a study by Juniper Networks.

Certain kinds of malware target websites or networks, not individuals. Web malware focuses on browser-based vulnerabilities as opposed to operating system vulnerabilities. Attacks can redirect site traffic to a fake phishing site, use the site as an endpoint in bot networks, or exploit the site’s hosting account for spam or other purposes. StopTheHacker has estimated that 6,000 websites fall prey to malware attacks every day.

How to Avoid Malware

Malware infection can cause network computing or communication processes to run unbearably slow or hijack them altogether. Individuals, employers and their software vendors can partner in shared anti-malware strategies. Here are some actions that can protect your computers and networks from malware:

Anti-malware software – It never hurts to have the latest version of a common malware-seeking program installed on all devices to seek and destroy rogue programs such as viruses. Scan personal or business computers regularly and update the software often.

Anti-spyware software – These packages provide real-time protection for computers against the installation of malware by scanning incoming traffic and blocking threats.

Spam filters – These block or quarantine email messages with suspicious content or from unknown senders to alert users not to open or respond. Most enterprises have centralized spam mitigation in place, and many personal email providers also provide this service.

Firewalls and IDS – Firewalls and intrusion detection systems act as traffic cops for network activity and block anything suspicious. This is enterprise-grade technology that protects user computers, servers or networks from malicious applications or cyberattack. Firewalls may not prevent malware installation, but they can detect nefarious in-process operations.

Security scans – This activity tests business websites and enterprise software for known malware that may have infected application code. Many app stores execute basic scans on software they host and sell, but this is no guarantee of safety so vigilance is needed.

Regular updates – Always keep network, desktop and device software and operating systems up to date. Security patches are issued regularly by trusted software vendors and should be installed to deflect the latest threats.

Common sense – The easiest way to deal with malware is to not get it in the first place. Experienced computer users avert potential disasters by practicing “skeptical computing,” which assumes that any new program is potentially harmful until proven safe.

Cookie Use

We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site. By continuing to use our site [without first changing your browser setting], you consent to our use of cookies. For more information see our cookies policy.

Veracode is a leading provider of enterprise-class application security, seamlessly integrating agile security solutions for organizations around the globe. In addition to application security services and secure devops services, Veracode provides a full security assessment to ensure your website and applications are secure, and ensures full enterprise data protection. Application protection services from Veracode include white box testing, and mobile application security testing, with customized solutions that eliminate vulnerabilities at all points along the development life cycle.